November 2006 saw the launch of SC's Breakfast Briefings. Each seminar focused on different issues currently faced by security professionals and offered practical advice and useful contacts for the future to those present. Here we present the highlights of each event.
Remote working - In association with Boxing Orange
In recent years, mobile technology has come a long way, and it is now much easier for an employee to access the company network from outside the office. This trend has given rise to concerns over security threats and the protection of confidential data. As Matt Lawless, a managed services consultant at Boxing Orange, pointed out, a company's people may be its biggest asset, but they also pose the biggest risk.
"The most secure system you can possibly have is to not allow anybody on your network," agreed speaker Jon Kane, channel development manager at RSA. "It is only as good as your weakest point."
With ever more people accessing networks from outside organisations, or carrying confidential information on mobile devices, it is vital to ensure that your systems are safeguarded.
"People take these items home, plug them into other networks, then bring them back in to work and reconnect them to your system," said Niall El-Assaad, NAC product manager at Cisco. "While these devices are outside the office, they are no longer under your control."
Loss or theft of these devices is also something to think about. Last year saw many instances of confidential data falling into the wrong hands, with organisations such as Nationwide and even the police affected. This causes embarrassment for the companies involved, and can damage reputations and customer trust.
However, there are ways to minimise your risk when dealing with mobile technology. One is to ensure that all data is encrypted. Philip Watkins, business development manager at SafeBoot, recommended using hard-disk encryption. "If you lose your laptop, no matter what tools a hacker uses, they will not be able to access your data," he claimed.
Combine this with token support and your network will be better protected than when relying on passwords.
"Many people tend to use the same word or phrase to access multiple applications, without changing it on a regular basis," warned RSA's Kane. "That means somebody just needs to find out that one word to gain access to all parts of your system." The best alternative, he suggested, is to use a randomly generated pass code that changes around every 60 seconds. This, along with a personal PIN number, should boost the security of an individual's login.
Creating a secure yet straightforward log-in procedure was also highlighted by Ray Smith, technical consultant, EMEA, at iPass. "One of the greatest challenges security professionals face is achieving the right balance between access and protection."
One of the recurring messages of the morning was the fact that the people working remotely are not all likely to be IT professionals. That means it is important to keep things simple. Offer extra training to employees as required to maximise the potential of any security systems installed on your network.
As Lawless said: "We need to take the threats associated with remote working seriously. Forget the user at your cost."
Contact details: [email protected], tel 0871 871 0067; www.boxingorange.com.